Implement AllowUnverifiedNodes

svn:r2246

doc/TODO

@@ -24,8 +24,8 @@ NICK    . put ip:port:keyhash in intro points, rendezvous points,
 NICK    - unify similar config entries that need to be split. put them
           into a smartlist, and have things take a smartlist.
 
-        - "AllowUnverifiedRouters" config option
-NICK      - Parse it into 3 bits
+        . "AllowUnverifiedRouters" config option
+        o Parse it into 3 bits
 ARMA      - Consider it when picking nodes for your path
 ARMA    - if there's only one entrynode preference and multiple exit node
           choices, don't pick the desired entrynode as exit.

src/or/config.c

@@ -231,6 +231,7 @@ static int config_assign(or_options_t *options, struct config_line_t *list) {
 
     /* string options */
     config_compare(list, "Address",        CONFIG_TYPE_STRING, &options->Address) ||
+    config_compare(list, "AllowUnverifiedNodes", CONFIG_TYPE_CSV, &options->AllowUnverifiedNodes) ||
     config_compare(list, "AuthoritativeDirectory",CONFIG_TYPE_BOOL, &options->AuthoritativeDir) ||
 
     config_compare(list, "BandwidthRate",  CONFIG_TYPE_INT, &options->BandwidthRate) ||
@@ -808,9 +809,25 @@ int getconfig(int argc, char **argv, or_options_t *options) {
   }
   if(options->FirewallPorts) {
     SMARTLIST_FOREACH(options->FirewallPorts, const char *, cp,
-    { i = atoi(cp); 
+    { i = atoi(cp);
       if (i < 1 || i > 65535) {
-        log(LOG_WARN, "Port %s out of range in FirewallPorts", cp);
+        log(LOG_WARN, "Port '%s' out of range in FirewallPorts", cp);
+        result=-1;
+      }
+    });
+  }
+  options->_AllowUnverified = 0;
+  if(options->AllowUnverifiedNodes) {
+    SMARTLIST_FOREACH(options->AllowUnverifiedNodes, const char *, cp,
+    { if (!strcasecmp(cp, "entry"))
+        options->_AllowUnverified |= ALLOW_UNVERIFIED_ENTRY;
+      else if (!strcasecmp(cp, "exit"))
+        options->_AllowUnverified |= ALLOW_UNVERIFIED_EXIT;
+      else if (!strcasecmp(cp, "middle"))
+        options->_AllowUnverified |= ALLOW_UNVERIFIED_MIDDLE;
+      else {
+        log(LOG_WARN, "Unrecognized value '%s' in AllowUnverifiedNodes",
+            cp);
         result=-1;
       }
     });

src/or/or.h

@@ -808,6 +808,11 @@ struct circuit_t {
 
 typedef struct circuit_t circuit_t;
 
+#define ALLOW_UNVERIFIED_ENTRY  1
+#define ALLOW_UNVERIFIED_EXIT   2
+#define ALLOW_UNVERIFIED_MIDDLE 4
+
+
 /** Configuration options for a Tor process */
 typedef struct {
   struct config_line_t *LogOptions; /**< List of configuration lines
@@ -836,6 +841,8 @@ typedef struct {
   char *RendExcludeNodes; /**< Comma-separated list of nicknames not to use
                            * as introduction points. */
 
+  smartlist_t *AllowUnverifiedNodes; /**< List of "entry", "middle", "exit" */
+  int _AllowUnverified; /**< Bitmask; derived from AllowUnverifiedNodes; */
   struct config_line_t *ExitPolicy; /**< Lists of exit policy components. */
   struct config_line_t *SocksPolicy; /**< Lists of socks policy components */
   /** Addresses to bind for listening for SOCKS connections. */